Lessons From a Midwestern City Hit by Ryuk Ransomware

Many companies of all sizes face an increased risk of disaster with the growing threat of ransomware. Ryuk is malware that a Russian-based eCrime group created. They were targeting large organizations for high ransomware payments. But in January 2020, a midwestern U.S. city was also a victim of this group.

 

Multi-Point Attack

The small IT team provides critical services to the city’s residents. The hackers launched a multi-point attack:

  • Anti-virus and security software was disabled
  • Azure Share was compromised
  • Domain controller was accessed, and host profile was edited to install the ransomware upon login and startup
  • Employees were locked out
  • Readme file provided instructions for payment

 

Ransomware Recovery with Low RPO

At that point, the governor was on the verge of declaring a state of emergency. The IT team called Datrium Customer Support and the FBI, and they joined forces to build a war room. Unlike other businesses that had to shut down for weeks, go out of business, or pay their attackers hundreds of thousands of dollars, this city was able to recover from ransomware quickly without paying its attacker.

 

Watch the On-Demand Webinar

Watch the on-demand webinar to learn more about the process the team used to restore the environment with minimal RPO using best practices for disaster recovery and ransomware protection.

You’ll learn how to quickly identify the signs of an attack, restore your systems with a clean, golden image, protect critical virtual machines by establishing protection groups, and create your backup and retention strategy to ensure a low RPO.

You’ll also hear about Datrium’s new Ransomware Prevention and Recovery Guide. We built this detailed guide based on our expertise, the experience we gained working with the FBI, and helping dozens of customers successfully recover from ransomware attacks.

 

On-Demand Webinar Details

Title: What You Can Learn From a City’s Recovery From Ransomware

Speakers: Brett Foy, Global Vice President, Sales Engineering at Datrium and Joshua Cocos, Technical Support Team Lead at Datrium

Watch Now